Phishing is a method used by hackers to try to obtain your personal data. From the attacker’s point of view, the ideal result of phishing is to get hold of an unwitting user’s details, such as login credentials and/or bank details. Another possible consequence of this attack is that a user accidentally downloads malware, which then infects the user’s PC.
Phishing attacks rely solely on the victim performing an action without realizing its effects. Such actions may be clicking a link or opening an email attachment.
Looking back at our last blog, we learned just how much spam emails have improved. By improved, we mean the appearance and content of such emails are looking increasingly genuine. The more genuine the email looks, the higher the probability a user may fall victim.
The idea of this blog is to highlight ways of identifying whether an email is a phishing attempt. Below is a list of factors that we recommend you always take into consideration when trying to decipher the legitimacy of a received email.
1 – If in Doubt, Throw it Out
First things first: if an email appears too good to be true, 99 times out of 100 it is. Delete any email you receive that looks inauthentic (prizes, lottery wins, etc.) straight away. Do not open or click on any links in the email.
2 – Trust Nobody
OK, maybe don’t take this too literally. However, do scrutinize every email, particularly those from unknown senders. This ties in with the point above. Being skeptical could save you all kinds of headaches. Always act with caution when deciding whether to open email attachments or follow web links.
3 – Check the Sender
This is always a handy way to form a judgement on the authenticity of the sender. Check their email address and pay extra attention to their domain (…@gmail.com for example). If the domain doesn’t look trustworthy, then chances are it’s not. Do be aware that hackers will sometimes imitate trusted domain names to make their own appear reliable, such as amazong.com instead of amazon.com. They may use any variation of the spelling to fool you.
4 – Analyze the Greeting
Always look at how the email addresses you. Does it say ‘Dear User’ or ‘Dear Customer’? If the email is generically addressed, it is usually a red flag that it is a hoax. Whenever you receive a legitimate email from, say, your gas provider, it will be addressed specifically to you. Addressing these hoax emails generically allows the hacker to send them to consumers in bulk without having to make any edits to the email content.
5 – Hover over Images
Another method of determining the legitimacy of an email is to hover your mouse over any links, buttons or icons in it. When you hover over these, your email client should show the domain they point to. If the domain looks suspicious (see point 3, Check the Sender), do not click on the link. For any websites you know well, it’s always advisable to access them directly via your web browser.
6 – General Grammar/Punctuation Check
Hoax emails can often be poorly written with broken sentences, and contain multiple spelling and grammatical mistakes. Have a look at a genuine email in your mailbox. You will notice that there are almost zero errors. Next time you receive an email that looks suspect, scrutinize the message content for mistakes. This can be a dead giveaway.
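Points 3 and 5 above can also be checked automatically. The Python example below is an added example, not part of the original post: it flags sender and link domains that closely resemble a trusted one (such as amazong.com for amazon.com) and links whose visible text names a different domain from the one they point to. The `TRUSTED` list, the 0.85 similarity threshold, the function names and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"amazon.com", "paypal.com"}  # assumption: domains you actually deal with

def base_domain(host):  # naive "last two labels"; real tooling should use the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain):  # trusted domain this one closely resembles without being it, else None
    close = [t for t in sorted(TRUSTED) if SequenceMatcher(None, domain, t).ratio() >= 0.85]
    return None if domain in TRUSTED or not close else close[0]

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(from_header, html):
    findings = []
    sender = base_domain(parseaddr(from_header)[1].rpartition("@")[2])
    if lookalike_of(sender):
        findings.append(f"sender {sender} imitates {lookalike_of(sender)}")
    parser = Links()
    parser.feed(html)
    for href, text in parser.found:
        target = base_domain(urlsplit(href).hostname or "")  # what hovering would reveal
        if lookalike_of(target):
            findings.append(f"link target {target} imitates {lookalike_of(target)}")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and base_domain(shown.group(0)) != target:
            findings.append(f"link shows {shown.group(0)} but points to {target}")
    return findings

SAMPLE_FROM = '"Amazon Support" <service@amazong.com>'  # constructed sample, not a real email
SAMPLE_HTML = ('<p>Dear Customer, <a href="http://login.account-check.example/verify">'
               'www.amazon.com</a> or <a href="https://www.amazon.com/orders">view orders</a></p>')
```

Calling `check_email(SAMPLE_FROM, SAMPLE_HTML)` reports the lookalike sender and the link whose text and target disagree, while the genuine amazon.com link passes.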
If you have fallen victim to a phishing email and clicked on a link or inputted personal information, change your password immediately. This can be vital!
If you have entered any bank details, then it may be wise to cancel any debit/credit cards and notify your bank in the first instance.
The frequency of hoax/spam email attacks is ever rising. It is crucial to have the best email filtering in place to protect your systems. Such a system will significantly reduce the risk of these threats and stop new variations of malicious email from entering your network.
If email protection is something your company is currently lacking, speak to one of our security specialists today. Either call 1300 770035 or drop us an email at [email protected]